REST ensure user is admin user

Anonymouslemming June 8, 2015

Hi all,

I'm creating a REST plugin to allow us to automate a few things where the Java API is available in Jira, but is not exposed by the existing REST plugins.

The functionality works fine, but any authenticated user can run it regardless of their role in JIRA. This is obviously not desirable.

We would like to restrict this to users who have either the 'JIRA System Administrators' or 'JIRA Administrators' role. 

Does anyone have an example of a REST plugin that does this? I can't find anything in the REST documentation I've been working from that explains how to do this.

Thanks!


2 votes
Answer accepted
Andreas Ebert
June 8, 2015

For a fairly recent JIRA version, I suggest you use GlobalPermissionManager in conjunction with GlobalPermissionKey, like so:

globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, user)
Anonymouslemming June 8, 2015

Thanks - I've done that, but no matter what user we test as, globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, user) returns true. I'm getting the logged in user using jiraAuthenticationContext.getUser() in my constructor. I then do

logger.warn("Permission: " + globalPermissionManager.hasPermission(GlobalPermissionKey.SYSTEM_ADMIN, loggedInUser));
if (globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, loggedInUser)) {
    // Do Stuff
}

Every user I've asked to test with returns:

2015-06-08 11:57:44,309 ajp-bio-127.0.0.1-19041-exec-1, unique_id=ID, time=1433779064300, uri=/jira/rest/myrest/1.0/plugin WARN USERNAME foo bar 10.1.1.1,10.1.1.2,10.1.1.3 /rest/myrest/1.0/plugin [plugins.myapp.rest.MyClass] Permission: true

The users are definitely not in any group associated with the JIRA System Administrators or JIRA Administrators roles under Global Permissions. I've also tried using GlobalPermissionKey.SYSTEM_ADMIN with the same result. Any idea how I'd debug that further?

Andreas Ebert
June 8, 2015

You're calling "jiraAuthenticationContext.getUser()" in the constructor?! If that is really the case, then that is the error. You have to call getUser() in each REST method separately. The constructor is called only ONCE when installing/activating the plugin, and saving the user there is an error. You can save a reference to JiraAuthenticationContext, but NOT the logged-in user.

Anonymouslemming June 8, 2015

Ah, ok - that makes a lot of sense. *blush* - thanks loads, that's working now in each method. I was hoping to avoid per-call overhead, but it makes sense that the lib isn't instantiated for each request, so the constructor is the wrong place to do it.
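A per-request version of the check from the accepted answer, added here as an illustration rather than code from the thread. The class, path and package names are assumptions (the package is taken from the log line above), and constructor injection of the two Jira components by the plugin framework is assumed:

```java
package plugins.myapp.rest; // package name taken from the log line in the thread (assumed)

import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.user.ApplicationUser;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

@Path("/plugin") // hypothetical resource path matching /rest/myrest/1.0/plugin above
public class MyClass {

    private final JiraAuthenticationContext authContext;
    private final GlobalPermissionManager globalPermissionManager;

    // The resource is instantiated once, so only the context and the manager are
    // held here. Storing authContext.getUser() in a field would pin the identity
    // of whoever triggered instantiation (or null) onto every later request.
    public MyClass(JiraAuthenticationContext authContext,
                   GlobalPermissionManager globalPermissionManager) {
        this.authContext = authContext;
        this.globalPermissionManager = globalPermissionManager;
    }

    // Resolve the caller on every request and accept either global admin key.
    private boolean callerIsAdmin() {
        ApplicationUser user = authContext.getUser(); // null for anonymous callers
        return user != null
                && (globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, user)
                    || globalPermissionManager.hasPermission(GlobalPermissionKey.SYSTEM_ADMIN, user));
    }

    @GET
    @Produces(MediaType.APPLICATION_JSON)
    public Response doStuff() {
        if (!callerIsAdmin()) {
            // Deny before any privileged work; an explicit 403 is also easy to audit in access logs.
            return Response.status(Response.Status.FORBIDDEN)
                    .entity("{\"error\":\"administrator permission required\"}")
                    .build();
        }
        // ... privileged work against the Java API goes here ...
        return Response.ok("{\"status\":\"ok\"}").build();
    }
}
```

The same callerIsAdmin() call belongs at the top of every resource method, since each request can come from a different user.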
